Firms are spending millions of pounds on digital systems but are overlooking the need for basic updates and checks to protect their business from cyber attacks, an expert has warned.
Tanium is a US-headquartered cyber security firm with clients across a range of sectors, including the big 10 US banks, PwC, eBay, Amazon, and the US and UK intelligence agencies.
Matt Ellard, vice president of Tanium’s EMEA arm, said large firms spend tens of millions of pounds on end-point solutions but continue to struggle with basic system tasks, such as compliance and updating software to the latest version.
Cyber security has entered the spotlight after major organisations around the world, including most recently in the UK the NHS, collapsed temporarily when their digital systems were infected with a virus.
Mr Ellard, who will be leading Tanium’s expansion into the UK, said firms were not necessarily being neglectful by not investing enough money in their IT systems, but were instead failing to regularly carry out functions to keep those systems secure.
He compared this to having high-tech security systems installed in a house, saying if the doors and windows are left open then it makes that security useless.
Companies need to find their unmanaged systems before cyber criminals do. Matt Ellard“People continue to spend a lot of money on IT infrastructure, so they are investing money in IT but they need to start looking at investing in different ways.
“It’s not about endless investment in the latest shiny IT solution,” he said, adding firms need a broader approach when it comes to the management and “security hygiene” of their IT systems.
Mr Ellard said there is a “visibility gap”, meaning firms do not always know how many computers they have linked to their system, what applications are running on those computers, and what versions of software they have.
He said a digital system that is not fully visible at scale will be vulnerable to attacks, and will not be able to respond quickly when taking corrective action.
“It’s not just about protection it’s about remediation,” he added.
“There is always going to be the latest shiny gadget that you can put on your computer; but you’ve got to go back to the fundamentals and know what computers you have got and whether they are controlled by the policies and protocols.
“Companies need to find their unmanaged systems before cyber criminals do.”
Last month, a report from LexisNexis Risk Solutions said old-style ‘legacy’ technology act as the biggest barrier in the fight against cyber criminals.
The financial professionals who were questioned as part of the survey said legacy technology prevents firms from taking effective action to prevent financial crime.
Mr Ellard agreed with the findings in the report, adding: “New problems are trying to be solved with old security tools and we need to make sure we bridge that gap between the new development of IT and the legacy tools.”
Tanium is currently valued at $3.5bn (£2.7bn) and plans to launch an initial public offering in the next 18 months.
Alex Reynolds, financial adviser at Advies Private Clients, said: "I think many firms simply do not understand the threat from cyber attacks and therefore do not know how to protect themselves."
He said cyber crime is a big risk for firms across all sectors, adding: "I don’t think we have even seen many attacks yet, but they will increase much more over the next few years."
Mr Reynolds said investment platforms are definitely a risk due to their size, but said there at least some safeguards in place to avoid disinvestment to third-party accounts.
"There should be some guidance set out for firms that deal with sensitive client information to ensure that we comply with a minimum standard, but I can’t see that happening until there are more breaches.
"Like all things, the industry should pull together to look at solutions and we need to continue to adapt to the continuing changing in technology around us which will generally mean employing or contacting specialist to protect systems and data."
katherine.denham@ft.com
